General

  • Target

    letsvpn-latest.exe.vir

  • Size

    18.2MB

  • Sample

    240829-bac7lsxcrk

  • MD5

    401a07a0b36cbdea583fbb55c1b934bc

  • SHA1

    36866ac3dc267b9ccd92d9ff53e9574ef13ee041

  • SHA256

    41829e5657955b3e6f1f96d2ae97c15cdefaef0d8fab48e09c9bd4ec961f9bd5

  • SHA512

    695e4afba0e51100b9e23432908128436ce442f9eaeca489317f96020319b937e22e38fec02acadeb0f3802d543fd36a96d7b815dd2854aa043cd15b8a06120d

  • SSDEEP

    393216:GbSXb4YVsff4ePzvH8GVkOu37wT1V46ffPDbN4XsoX3a:GlM5eLf8CM7wX4SfPgi

Malware Config

Targets

    • Target

      letsvpn-latest.exe.vir

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.
